Cookies for MFA Bypass Gain Traction Among Cyberattackers

Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security. [TechWeb]( Follow Dark Reading: [RSS]( November 14, 2022 LATEST SECURITY NEWS & COMMENTARY [Cookies for MFA Bypass Gain Traction Among Cyberattackers]( Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security. [Uyghurs Targeted With Spyware, Courtesy of PRC]( Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals. [Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors]( The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities. [Why CVE Management as a Primary Strategy Doesn't Work]( With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Veterans Day Salute: 6 Reasons Why You Want Vets in Your Cyber Platoon]( We commend vets in cyber, with this slideshow look at how the training and experience of former military personnel can be a big, differentiating asset in cybersecurity environments. [Amazon, Microsoft Cloud Leaks Highlight Lingering Misconfiguration Issues]( Cloud storage databases, often deployed as "rogue servers" without the blessing of the IT department, continue to put companies and their sensitive data at risk. [How to Close Kubernetes' Network Security Gap]( StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit. [MORE]( EDITORS' CHOICE [Twitter's CISO Takes Off, Leaving Security an Open Question]( Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action. LATEST FROM THE EDGE [Why Cybersecurity Should Highlight Veteran-Hiring Programs]( Military veterans tend to have the kind of skills that would make them effective cybersecurity professionals, but making the transition is not that easy. LATEST FROM DR TECHNOLOGY [Cybersecurity 'Nutrition' Labels Still a Work in Progress]( Pretty much every aspect of the effort to create easy-to-understand labels for Internet of Things (IoT) products is up in the air, according to participants in the process. WEBINARS - [How to Protect Your Legacy Software Applications]( Agile development and continuous integration/continuous deployment have changed the game for application development practices, leading enterprises to "shift left" and build security into the software development lifecycle to catch any vulnerabilities before applications go into production. But what about ... - [Cybersecurity: What You Don't Know Can Hurt You]( Do your attackers have a better view of your risks in your environment than you? With the aggressive move to the cloud comes an expanding and complex attack surface that adversaries are waiting to exploit. As a result, organizations are ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Your Digital Transformation Is Being Sabotaged - The Surprising Impact of Sophisticated Bots]( - [BotGuard for Denial of Inventory & Stockouts]( - [Achieve Balanced Security and Performance with Next-Generation Software-Defined WAN]( - [Top Four Steps to Reduce Ransomware Risk]( - [2022 Cyberthreat Defense Report]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [OpenText Security Solutions Global SMB Ransomware Survey Reveals Heightened Worry about Increased Cyberattacks Due to Geopolitical Tensions]( [Compliancy Group Urges Healthcare Organizations to Complete Their HIPAA Security Risk Assessments]( [Research Finds Less Than a Quarter of Organizations Fully Confident Ex-Employees No Longer Have Access to Company Infrastructure]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Creating an Effective Incident Response Plan]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)